Human Rights Review Tribunal slams "gross over-reaction" by employer

Employers, and their senior employees, are often proud of their business and the culture within that organisation. So an employer may have an understandable desire to retaliate when an employee or an ex-employee makes derogatory remarks about the company on social media. Regardless of the conduct of the employee, an employer’s response is restricted by certain legal obligations, including under the Privacy Act 1993.

The information privacy principles under the Privacy Act exist to protect people’s private information from unauthorised and unwanted disclosure by organisations. These protections are in place to reassure people providing information to their banks, insurers and employers – safe in the knowledge that the information will only be used for the purpose it was provided.

In a recent decision from the Human Rights Review Tribunal (HRRT) against Credit Union Baywide, that company was found to have seriously breached privacy principle 11 by disclosing an ex-employee’s private Facebook photo to recruitment agencies and her new employer. We discuss the case below, not just because of the large sum of damages that were awarded against the employer. The case also raises a number of important issues relating to privacy, social media use, good faith and employee conduct.

Hammond v NZ Credit Union Baywide

Ms Hammond was employed by Credit Union Baywide, but had recently resigned to move to another company in the region. A friend of hers had also recently resigned, albeit by way of a mediated settlement. It was clear that Ms Hammond and her friend took a dim view of the circumstances of the friend’s exit. In order to cheer her friend up, Ms Hammond baked a cake which she iced with several abusive words describing Credit Union Baywide. She served this cake at a party of around 10 people (who she claims found it hilarious). She also posted a photograph of the cake on Facebook – with a privacy setting restricted to only allow her 150 Facebook friends to view it.

Despite the privacy of the Facebook post, Credit Union Baywide’s management found out about the photograph as it was the subject of workplace gossip. How the company reacted set the tone for a sizeable award.

The HRRT described the behavior of some of the executive team at Credit Union Baywide, and one manager in particular, in strong terms. These included describing the intensity and vehemence of the response to the cake picture as “shameful” and a gross overreaction. That manager required the HR manager to get a junior employee who was a Facebook friend of Ms Hammond to access Ms Hammond’s Facebook account to obtain a copy of the cake photo. The photo was then sent to several recruitment agencies. This had the effect of scuttling Ms Hammond’s prospects of re-employment.

When it was discovered that Ms Hammond was employed by a company which did business with Credit Union Baywide, the photo was forwarded to that organisation. Credit Union Baywide also withheld its business from that organisation so long as Ms Hammond remained employed there. This caused Ms Hammond to eventually resign from her new employment. As a result of the harm to her reputation caused by Credit Union Baywide, Ms Hammond was unable to obtain employment for 10 months. She suffered significant income loss as a result.

The HRRT found that the actions were clear breaches of Principle 11 in that they were unauthorised disclosures of private information – the photograph posted on the Facebook page. It is worth noting that this appears to run contrary to other cases which have held that posting material on Facebook to a large number of people (even if they are private “friends”) is essentially making the information available to the public. In this case the information certainly spread beyond the 150 friends, as Credit Union Baywide became aware of it within days of its posting.

One aspect of the case was the HRRT’s analysis of Ms Hammond’s contributory conduct. While the employee’s conduct is not a necessary consideration in the HRRT, as it is in employment cases, the decision points out that remedies for privacy breaches are discretionary. The HRRT considered Ms Hammond’s conduct and found that there was no conduct which would affect its discretion over remedies. It said that the cake was baked at a private party and “the humour was none the worse for being somewhat direct, if not earthy in nature”. This is the part of the decision which has been causing the most commentary on social media and newspaper message boards. The cake in question used words which are ranked number 1 and number 7 as most unacceptable in the Broadcasting Standards Authority’s 2013 survey of most offensive terms in broadcasting: https://bsa.govt.nz/images/assets/Research/What-Not-to-Swear-Full-BSA2010.pdf (CAUTION - the nature of this research means that it includes many offensive words and phrases). To describe the words as “earthy” seems to ignore the most current New Zealand research on public perception of certain words.

A major reason the decision made newspaper headlines is the quantum of the award for humiliation, loss of dignity and injury to feelings - $98,000. Compare this to awards for hurt and humiliation in employment personal grievance cases, which most commonly sit between $3,000 and $8,000. The most serious employment cases can involve awards of around $25,000. An award of this size sends a clear deterrent message to organisations that privacy breaches are a serious matter and can result in high awards where the breach of privacy has had a significant effect on a claimant.

What could Credit Union Baywide have done?

Given the offensive terms used on the cake, and the fact that knowledge of the picture spread well beyond Facebook, some observers have sympathised with Credit Union Baywide’s position. Employers always want to protect their brand against such actions by employees (or others) that causes real commercial harm. Obviously, this needs to be balanced against the rights of the employee, including their privacy.

In this case, Ms. Hammond had resigned but was still within her notice period. This means that she was still bound by the statutory duty of good faith towards Credit Union Baywide. The employer could have considered seeking a penalty against her for breach of a term of her employment agreement. Certainly it could have used the opportunity to seek the removal of the picture from social media.

The HRRT found that, had the manager’s personal animosity been reined in and more mature counsel prevailed, Credit Union Baywide could have avoided the enormous harm inflicted on Ms. Hammond and eventually, upon itself. The internal staff (including a Human Resources specialist) failed to identify the seriousness of the proposed breaches of privacy. This was the sort of situation where external advice could have removed the emotion from a situation, and ensured that the response did not make a bad situation worse.

How we can help

Jackson Russell is experienced in dealing with all aspects of employment law. We regularly assist employers with advice about their privacy obligations. We also assist with disciplinary matters, the specific issues caused by social media, and general breaches of employment agreements.

If you would like further information about disciplinary matters, or require advice on anything related to privacy law and employment relations, please contact your usual Jackson Russell advisor or our Employment Law specialists.